Icon View Thread

The following is the text of the current message along with any replies.
Messages 1 to 3 of 3 total
Thread 2.04 Update
Wed, Dec 16 2015 5:29 PMPermanent Link

Tim Young [Elevate Software]

Elevate Software, Inc.

Avatar

Email timyoung@elevatesoft.com

Just a quick update on 2.04:  things got delayed a bit while I fixed a couple of new issues and added a new login client/module example.  In order to do the login module properly, I added OpenSSL hooks to the EWB Web Server, so you can now use the OpenSSL hashing support (MD5, SHA1, SHA256, and SHA512) in your web server modules.  This is also the basis for the proper SSL/certificate support in the EWB Web Server, which will be coming soon, as well as the inclusion of HMACs and one-time-password support in a future release.

Along these lines:  has anyone been needing basic http digest authentication in the EWB Web Server ?  I can add it if someone needs it, but it's a bit inadequate for security today and I think most people just skip it and just use an https connection.

Tim Young
Elevate Software
www.elevatesoft.com
Thu, Dec 17 2015 3:58 AMPermanent Link

Matthew Jones

Tim Young [Elevate Software] wrote:

> but it's a bit inadequate for security today

I was going to say that you need to have warnings on the MD5 and SHA1
functions that they are not considered secure nowadays. They can be
handy for some insecure purposes, and perhaps needed for backward
compatibility, but shouldn't be used otherwise.

As for the basic http authentication, I've never used it in code.

--

Matthew Jones
Wed, Dec 23 2015 6:59 AMPermanent Link

Tim Young [Elevate Software]

Elevate Software, Inc.

Avatar

Email timyoung@elevatesoft.com

Matthew,

<< I was going to say that you need to have warnings on the MD5 and SHA1 functions that they are not considered secure nowadays. They can be handy for some insecure purposes, and perhaps needed for backward compatibility, but shouldn't be used otherwise. >>

I missed this the first time around, but yep, got it covered:

http://www.elevatesoft.com/manual?action=viewmethod&id=ewb2mod&product=rsdelphi&version=XE&comp=TEWBServerRequest&method=ComputeHash

Tim Young
Elevate Software
www.elevatesoft.com
Image